漏洞
When using Web AppBuilder for ArcGIS Developers edition 1.2 with Portal for ArcGIS and ArcGIS for Server 10.3.1, both secured with integrated windows authentication (IWA) on separate machines and are not federated, a query from the query widget with a response number of features over a certain size will fail returning the error “401 unauthorized” as it switches the GET request to a POST request and it is passed through the proxy. The failure is due to the fact that this request is passed through a proxy that is unable to authenticate against the ArcGIS Server secured at the web-tier with IWA.
| 漏洞 ID 编号 | BUG-000090121 |
|---|---|
| 已提交 | August 20, 2015 |
| 上次修改时间 | June 5, 2024 |
| 适用范围 | ArcGIS Web AppBuilder developer edition |
| 找到的版本 | 1.1 |
| 修正版本 | Dev 1.3 |
| 状态 | Fixed |
解决办法
1) Pass username, password, and domain in the proxy.config of a Microsoft .Net proxy to allow authentication for users to avoid the error “401 unauthorized”. 2) Modify proxy.ashx to automatically pull and pass windows authentication. 3) Modify ‘/jimu.js/main.js’ of the application code to add the prefix of the requesting ArcGIS for Server REST URL to Cross Origin Resource Sharing (CORS) enabled servers so that the request is never sent in the first place: // path for service from web-tier (IWA/PKI/LDAP) arcgis server // supt05320.esri.com is the associated window.esri.config.defaults.io.corsEnabledServers.push({ host: "supt05320.esri.com", withCredentials: true });重现步骤
漏洞 ID: BUG-000090121
软件:
- ArcGIS Web AppBuilder developer edition
当漏洞状态发生变化时获得通知
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈
获取来自 ArcGIS 专家的帮助
下载 Esri 支持应用程序